Blockchain Hacking Techniques 2022

The panel of security experts who participated in the selection process represented a wide range of perspectives from across the community. These experts included:

samczsun

Head of Security at Paradigm

Nikesh Nazareth

Security Researcher at OpenZeppelin

Tincho

cts

Ashiq Amien

PwningEth

Independent Security Researcher

Each expert brought a unique set of skills and experiences to the table, helping to ensure that the final selection was as comprehensive and accurate as possible.

This year's Top 10 Blockchain Hacking Techniques contest revealed a clear theme around the discovery of bugs at the level of precompile, node, or key generation. The Top 10 also includes a couple of new bug classes which have never been seen before.

Overall, the first annual endeavor was a success, given that the Web3 security community is now better informed about the novel hacking techniques that were discovered in the past year. In addition to the final ten, there were many other high-quality nominations that are worth reviewing as well. We encourage the security community to take a look at these additional resources and to continue working together to build a more secure and resilient blockchain ecosystem.

The double-entry point issue described in Compound-TUSD Integration Issue Retrospective is a perfect example of a bug that subtly breaks one thing and can lead to significant consequences. The bug arose from having two contracts controlling the same assets, which enabled the bypassing of a safety check and allowed for the sweeping of all TUSD from the Compound protocol. This, in turn, made it possible to mint fresh cTUSD at a discount.

It is also worth noting that the disclosure process for this bug was a collaborative effort among multiple parties. This cooperation allowed for the protection of other protocols beyond the original bug identified in the integration of TUSD in Compound. Overall, this example underscores the importance of thorough testing and diligent bug hunting to ensure the security and stability of blockchain protocols.

During the code assessment of the StarkNet-DAI-Bridge Smart Contracts audit, a security issue was discovered in a Cairo smart contract. As a relatively low-level language, Cairo has several potential pitfalls, and this issue is a prime example of one such problem. The language’s base type, felt,  currently contains 252 bits, which is different from Solidity’s uint type, which has 256 bits. As a result, Cairo provides an abstraction for uint256 which requires additional safety checks to be performed but it is easy to forget to do so.

Fortunately, many of these bugs can be mitigated by providing a higher-level API in Cairo or by applying static analysis tools to a codebase. The discovery of this bug highlights the importance of diligent testing and thorough code assessment to ensure the security and stability of blockchain protocols.

The Statemind team’s Avalanche Vulnerability Report: How We Discovered A $350M Risk and Avalanche Vulnerability Report: Technical overview revealed a clever exploit of seemingly innocuous behavior in the precompile which allowed for the sending of native assets and an optional call to the receiver. This exploit was used to break the security assumptions of Abracadabra and Sushi contracts on multiple chains.

"Interesting idea. Finding the vulnerable contracts is tricky!"

- pwningeth, Independent Security Researcher

"'L1 introduced a precompile that broke core security assumptions’ was not on anyone's threat modeling bingo card."

- samczsun, Head of Security at Paradigm

In a recent talk, blog post, and post-mortem, ChainSecurity demonstrated that reentrancy to view functions can result in devastating consequences. This work uncovered a new vulnerability type; unfortunately, it is not the last time we will see it. Unlike most reentrancy issues, this type affects protocols built on top of the reentered one. Despite this, not all protocols potentially affected by this bug have taken action, and there have been several hacks related to this vulnerability. It is crucial for all protocols to check for this vulnerability and take appropriate action. This research is an excellent contribution to the Web3 security community. 

"I've been a strong advocate of updating the perception that reentrancy is strictly A->B->A' where the exploit occurs in A'. This is one such counterexample."

- samczsun, Head of Security at Paradigm

One of the three research pieces by PwningEth in this year’s top ten highlights the difficulty of introducing a precompile that doesn’t break the security assumptions of applications. The research uncovered that a malicious contract could approve a caller’s funds for itself and steal them, but the issue was further escalated by the exploitation of callbacks. This enabled the exploit to become user interaction-free and turn other smart contracts into victims as well. The research showcases the importance of thorough testing and vetting of precompiles to ensure the security of the overall system.

This bug is deceptively simple and could have resulted in a loss of billions if not identified.

It serves as a reminder to exercise caution when calling functions that don’t return a value - especially the permit function - as they may not revert when expected. This issue could potentially affect other applications as well, making further research on this behavior a valuable pursuit for the future!

"This bug was unique due to the fact that it stemmed from a previously unknown subtlety involving WETH, the most widely used ERC20 token. While this vulnerability was not widespread across many different protocols, its impact was severe due to the enormous amounts of funds at risk, as well as the ease of exploit."

- Ashiq Amien, Independent Security Researcher

"An interesting exploit of mismatched assumptions with severe consequences."

- Nikesh Nazareth, Security Researcher at OpenZeppelin

This entry in the Top 10 Hacking Techniques of 2022 underscores the importance of considering delegatecalls in smart contract development.

Delegatecall-related issues are a common problem in blockchain security, and this particular vulnerability applies delegatecalls to a precompile. As a result, it was a serious issue that earned PwningEth one of the biggest bounties in the blockchain space and a 4th place ranking in the chart. It's important for developers to thoroughly review and test their code for potential delegatecall-related vulnerabilities to ensure the safety and security of their smart contracts.

For a more detailed technical explanation, we recommend reading the blog posts linked in this entry: 

Aurora Inflation Spend Bugfix Review: $6m Payout and Aurora Mitigates Its Inflation Vulnerability.

"You can't say it's not impactful"

- samczsun, Head of Security at Paradigm

"Another free money printing issue - awesome catch, good writeup, huge impact."

- Tincho, Ethereum Security Researcher, Creator of Damn Vulnerable Defi

This vulnerability allowed an attacker to empty all wrapped token contracts, and not only take over the balance of the wrapped token, but also buy other tokens from the DEX by using the wrapped token as a rubber check. An advanced attack had the potential of using the lending protocol to borrow all other tokens of value against the fraudulent deposit.

"A simple incompatibility that impacted a whole ecosystem"

- Nikesh Nazareth, Security Researcher at OpenZeppelin

Several wrapped token contracts were affected by this bug, which by itself, is a critical issue as the native balance could be drained. However, the impact is further spread as DEXes and lending markets all rely on the ecosystem’s wrapped token. The damage of this bug through direct loss and lending pool exploits is estimated to be near the $200 million mark, not accounting for the ripple effects caused by interfering with the protocols itself.

- Ashiq Amien, Independent Security Researcher

Despite being publicly disclosed, this bug remained relatively unnoticed until it was exploited approximately six months later.

In addition to the quotes from panelists describing the bug, we'd like to emphasize the importance of having a coordinated vulnerability disclosure process and the need to check if private keys were generated using tools like Profanity. If so, steps should be taken to migrate the keys to ensure their security.

If you are interested in delving deeper into the bug, we highly recommend checking out the ​​Exploiting the Profanity Flaw blog post. 

"While an exact total value at risk isn't available, it's likely that at least $160m was at risk, not counting several other known thefts."

- Ashiq Amien, Independent Security Researcher

"Not where you would usually expect to find a bug, extremely high impact across multiple unrelated people/projects, and possibly could've all been avoided."

- samczsun, Head of Security at Paradigm

"A silent exploit that leaves no trace. A good reminder that security requires careful attention to detail."

- Nikesh Nazareth, Security Researcher at OpenZeppelin

"The idea/algorithm that speeds up the brute forcing is brilliant! But the bug was exploited widely. The research has huge (negative) impact."

- pwningeth, Independent Security Researcher

Saurik found a peculiar bug even deeper than precompiles. Discovering an exploit at the node level earns top place for this finding.

"Still trying to decide what’s best, the writeup or the actual finding. Great catch by Saurik, adding yet another chapter to the story of the infamous selfdestruct."

- Tincho, Ethereum Security Researcher, Creator of Damn Vulnerable Defi

"This infinite mint bug takes my number 1 spot since its potential impact not only affects the chain the bug lives on but all of the surrounding chains too. This includes the protocols that live on the respective chains, as an infinite mint of the native optimism token would collapse many (if not all) optimism protocols, and many surrounding protocols up to the liquidity on the bridge to the respective chain."

- Ashiq Amien, Independent Security Researcher